MISP
/
misp-dashboard
mirror of https://github.com/MISP/misp-dashboard
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [authentication] require authorization on hidden endpoints.

pull/129/head
VVX7 2019-10-02 18:20:11 -04:00
parent 88cc920bd3
commit 9c028e697f
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
server.py
View File

@ -400,6 +400,7 @@ def trendings():
''' INDEX '''
@app.route("/_logs")
@login_required
def logs():
if request.accept_mimetypes.accept_json or request.method == 'POST':
key = 'Attribute'
@ -418,6 +419,7 @@ def logs():
return Response(stream_with_context(event_stream_log()), mimetype="text/event-stream")
@app.route("/_maps")
@login_required
def maps():
if request.accept_mimetypes.accept_json or request.method == 'POST':
key = 'Map'
@ -427,6 +429,7 @@ def maps():
return Response(event_stream_maps(), mimetype="text/event-stream")
@app.route("/_get_log_head")
@login_required
def getLogHead():
return json.dumps(LogItem('').get_head_row())
@ -460,6 +463,7 @@ def event_stream_maps():
''' GEO '''
@app.route("/_getTopCoord")
@login_required
def getTopCoord():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -469,6 +473,7 @@ def getTopCoord():
return jsonify(data)
@app.route("/_getHitMap")
@login_required
def getHitMap():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -478,6 +483,7 @@ def getHitMap():
return jsonify(data)
@app.route("/_getCoordsByRadius")
@login_required
def getCoordsByRadius():
try:
dateStart = datetime.datetime.fromtimestamp(float(request.args.get('dateStart')))
@ -494,14 +500,17 @@ def getCoordsByRadius():
''' CONTRIB '''
@app.route("/_getLastContributors")
@login_required
def getLastContributors():
return jsonify(contributor_helper.getLastContributorsFromRedis())
@app.route("/_eventStreamLastContributor")
@login_required
def getLastContributor():
return Response(eventStreamLastContributor(), mimetype="text/event-stream")
@app.route("/_eventStreamAwards")
@login_required
def getLastStreamAwards():
return Response(eventStreamAwards(), mimetype="text/event-stream")
@ -539,6 +548,7 @@ def eventStreamAwards():
subscriber_lastAwards.unsubscribe()
@app.route("/_getTopContributor")
@login_required
def getTopContributor(suppliedDate=None, maxNum=100):
if suppliedDate is None:
try:
@ -552,6 +562,7 @@ def getTopContributor(suppliedDate=None, maxNum=100):
return jsonify(data)
@app.route("/_getFameContributor")
@login_required
def getFameContributor():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -562,6 +573,7 @@ def getFameContributor():
return getTopContributor(suppliedDate=date, maxNum=10)
@app.route("/_getFameQualContributor")
@login_required
def getFameQualContributor():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -572,10 +584,12 @@ def getFameQualContributor():
return getTopContributor(suppliedDate=date, maxNum=10)
@app.route("/_getTop5Overtime")
@login_required
def getTop5Overtime():
return jsonify(contributor_helper.getTop5OvertimeFromRedis())
@app.route("/_getOrgOvertime")
@login_required
def getOrgOvertime():
try:
org = request.args.get('org')
@ -584,6 +598,7 @@ def getOrgOvertime():
return jsonify(contributor_helper.getOrgOvertime(org))
@app.route("/_getCategPerContrib")
@login_required
def getCategPerContrib():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -593,6 +608,7 @@ def getCategPerContrib():
return jsonify(contributor_helper.getCategPerContribFromRedis(date))
@app.route("/_getLatestAwards")
@login_required
def getLatestAwards():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -602,10 +618,12 @@ def getLatestAwards():
return jsonify(contributor_helper.getLastAwardsFromRedis())
@app.route("/_getAllOrg")
@login_required
def getAllOrg():
return jsonify(contributor_helper.getAllOrgFromRedis())
@app.route("/_getOrgRank")
@login_required
def getOrgRank():
try:
org = request.args.get('org')
@ -614,6 +632,7 @@ def getOrgRank():
return jsonify(contributor_helper.getCurrentOrgRankFromRedis(org))
@app.route("/_getContributionOrgStatus")
@login_required
def getContributionOrgStatus():
try:
org = request.args.get('org')
@ -622,6 +641,7 @@ def getContributionOrgStatus():
return jsonify(contributor_helper.getCurrentContributionStatus(org))
@app.route("/_getHonorBadges")
@login_required
def getHonorBadges():
try:
org = request.args.get('org')
@ -630,6 +650,7 @@ def getHonorBadges():
return jsonify(contributor_helper.getOrgHonorBadges(org))
@app.route("/_getTrophies")
@login_required
def getTrophies():
try:
org = request.args.get('org')
@ -639,6 +660,7 @@ def getTrophies():
@app.route("/_getAllOrgsTrophyRanking")
@app.route("/_getAllOrgsTrophyRanking/<string:categ>")
@login_required
def getAllOrgsTrophyRanking(categ=None):
return jsonify(contributor_helper.getAllOrgsTrophyRanking(categ))
@ -646,6 +668,7 @@ def getAllOrgsTrophyRanking(categ=None):
''' USERS '''
@app.route("/_getUserLogins")
@login_required
def getUserLogins():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -657,10 +680,12 @@ def getUserLogins():
return jsonify(data)
@app.route("/_getAllLoggedOrg")
@login_required
def getAllLoggedOrg():
return jsonify(users_helper.getAllOrg())
@app.route("/_getTopOrglogin")
@login_required
def getTopOrglogin():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -671,6 +696,7 @@ def getTopOrglogin():
return jsonify(data)
@app.route("/_getLoginVSCOntribution")
@login_required
def getLoginVSCOntribution():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -681,6 +707,7 @@ def getLoginVSCOntribution():
return jsonify(data)
@app.route("/_getUserLoginsAndContribOvertime")
@login_required
def getUserLoginsAndContribOvertime():
try:
date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@ -693,6 +720,7 @@ def getUserLoginsAndContribOvertime():
''' TRENDINGS '''
@app.route("/_getTrendingEvents")
@login_required
def getTrendingEvents():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@ -706,6 +734,7 @@ def getTrendingEvents():
return jsonify(data)
@app.route("/_getTrendingCategs")
@login_required
def getTrendingCategs():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@ -719,6 +748,7 @@ def getTrendingCategs():
return jsonify(data)
@app.route("/_getTrendingTags")
@login_required
def getTrendingTags():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@ -732,6 +762,7 @@ def getTrendingTags():
return jsonify(data)
@app.route("/_getTrendingSightings")
@login_required
def getTrendingSightings():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@ -744,6 +775,7 @@ def getTrendingSightings():
return jsonify(data)
@app.route("/_getTrendingDisc")
@login_required
def getTrendingDisc():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@ -757,6 +789,7 @@ def getTrendingDisc():
return jsonify(data)
@app.route("/_getTypeaheadData")
@login_required
def getTypeaheadData():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@ -769,6 +802,7 @@ def getTypeaheadData():
return jsonify(data)
@app.route("/_getGenericTrendingOvertime")
@login_required
def getGenericTrendingOvertime():
try:
dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))